Skills
skills/tenequm/claude-skills/web3-protocol-gtm/Gen Agent Trust Hub

web3-protocol-gtm

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes multiple references to the URL https://1kx.network (in SKILL.md and references/metrics-launch.md) for an 'Onchain Revenue Report'. This domain has been flagged by the URLite scanner as a malicious resource associated with crypto scams (CryptScam). Including links to flagged domains poses a critical risk to users and agents that might navigate to or fetch data from these sources.\n- [PROMPT_INJECTION]: The skill outlines strategies for 'Agentic DevRel' (in references/developer-relations.md) that involve autonomous agents monitoring and reacting to external, untrusted data.\n
  • Ingestion points: The proposed system ingests untrusted data from GitHub commits and developer community messages.\n
  • Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands within the ingested data.\n
  • Capability inventory: The suggested agents have capabilities for proactive outreach, automated support response, and smart triage of builders.\n
  • Sanitization: No sanitization, validation, or filtering mechanisms are described for the external content before it is processed by the agent. This design creates a surface for indirect prompt injection, where attackers could influence agent behavior through malicious data in commits or messages.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 30, 2026, 12:06 AM